Cybersecurity | Breaking Cybersecurity News | The Hacker News

Software-as-a-service (SaaS) applications have become the backbone of many modern businesses. With the myriad of functionalities they offer, they maximize collaboration, agility, scalability, and ultimately, profits. So it's no wonder that companies rely on an incredible hundreds of apps today, up from dozens just a few years ago. But this rapid adoption has introduced brand-new vulnerabilities and elusive blind spots. 2024 saw many attacks originating from SaaS apps including those perpetrated by nation states . And the headlines about SaaS app attacks seem to be getting more ominous if that is even possible. The culprits behind the attacks come from outsiders, insiders, third parties, and even unintentional human errors or negligence. The need to address this snowballing trend has reached a critical point. Given the scale and speed of app development and adoption, we are creating a larger attack surface for increasingly capable adversaries every day. In such a high-stakes environm

In our current tech landscape, dealing with cybersecurity incidents like ransomware and other disasters is unavoidable. To keep your business running, you need to be able to take disruptions and cyberattacks in stride. This means being able to not just bounce back from an outage or data loss situation — but bounce forward each time. This is at the heart of data resilience. Read on to learn more about how to keep your organization moving forward, no matter what comes your way. Stay Ahead of the Curve As cybersecurity threats and ransomware attacks continue to increase and evolve, it's critical that you stay ahead of the curve when it comes to keeping up with cybersecurity trends. Cyber threats are evolving quickly into more sinister and dangerous variants, and they won't wait for your defenses to catch up. Some of the top cybersecurity and data protection trends this year include using zero trust principles like multi-factor authentication (MFA) systems, passkeys, and password-less

Though every organization is susceptible to data breaches, those in FinTech, Healthcare, and SaaS are particularly vulnerable to attacks due to the high volume of data they possess. It's all the more necessary for these organizations to secure their digital estate end-to-end. Identity & access management (IAM), authorization policies, and observability tools are required to enforce security. But with the proliferation of microservices, distributed architectures, numerous vendor and partner integrations, as well as open-source components, the digital supply chain has become more vast and complex than ever. This requires a purpose-built security solution that addresses the new needs of organizations in these sectors, to which Non-human identity management has risen to meet. Let's dive deeper, by looking at recent data breaches in each of these three sectors, beginning with FinTech. Breach examples in FinTech The term 'FinTech' includes a range of organizations such as banks, no

Many organizations might not find it easy to integrate existing security infrastructure with zero-trust network access (ZTNA) solutions. At first glance, ZTNA bolsters the safety and flexibility of having a distributed staff. However, implementing such systems can be challenging as they may clash with older systems and existing security protocols. To begin with, security teams need to take into account the current architecture, potential friction points, and how user experience should be seamless when integrating ZTNA. Thankfully, there are rising tools and methodologies that make this process less complicated in order for companies to gain all the advantages of ZTNA without compromising their present state of security. To help you through this process smoothly without compromising your cybersecurity strategy, here are some best practices on how you can successfully implement ZTNA using your existing security infrastructure. Why should businesses implement ZTNA? Organizations cont

Safeguarding the sensitive information within your Microsoft 365 environment is more important than ever. From accidental deletion and ransomware attacks to costly compliance failures, the consequences of inadequate data protection can be severe. It's important to understand the Shared Responsibility Model. The Model explains that Microsoft secures and ensures the uptime of its infrastructure, while you're ultimately responsible for correctly configuring settings, protecting against accidental data loss, and ensuring compliance with relevant regulations. Microsoft 365 provides powerful services, but a comprehensive backup of your data is not included in a standard Microsoft 365 license. Having an effective data protection strategy and comprehensive data backups are your best defense against these invisible dangers. In today's digital era, the necessity of modernizing data protection solutions cannot be overstated. The 2024 Data Protection Trends Report revealed that 75% of org

So you're going on a threat hunt…and you want to catch a big (malicious) one. Identifying malicious infrastructure can be a particularly daunting threat-hunting objective. Attackers who are intent enough on setting up things like C2 networks, phishing sites, and impersonated domains, are also, not surprisingly, often very good at hiding their tracks with tactics ranging from the use of proprietary VPNs to compromised intermediary services. So even when malicious infrastructure is visible, source attribution can remain a thorny problem. That said, there are tools like Censys Search that can make the challenge of tracking and understanding malicious infrastructure more achievable. Consider the following user stories, how-to articles, and videos for insights you can use to inform, inspire, and even supercharge your next investigation into malicious infrastructure. 7 Resources Worth a Read (or Watch) 1. How to Identify Malicious Infrastructure: Demo Let's start with a quick video

Open-source libraries allow developers to move faster, leveraging existing building blocks instead of diverting resources to building in-house. By leaning on existing open-source packages, engineers can focus on complex or bespoke elements of their products, using package managers and open-source maintainers to make it easy to pull everything together.  However, you can't deny that building software using open source makes your applications more vulnerable to security risks. In an open-source library, attackers have direct access to code, and can search for current and historical vulnerabilities, as well as any issues and tickets managed on websites such as GitHub or GitLab. This helps threat actors to quickly find packages that are vulnerable and launch an attack.  This is where Software Composition Analysis (SCA) comes in, with the purpose of scanning packages and uncovering vulnerabilities. SCA compiles and manages a catalog of software packages, alongside details such as their

In today's dynamic web threat landscape, staying a step ahead of risk is crucial. Businesses want to keep improving their websites with the latest customer service experience while maintaining a strong security posture and complying with strict privacy rules. With the help of a new risk assessment tool - Exposure Rating - we have calculated the risk exposure for nine leading customer service chatbots compared against each other. For the full chatbot ratings report, click here . But first, what is an Exposure Rating risk assessment tool? Contextual Risk Assessment for the Web Exposure Rating goes beyond traditional website security solutions. It delves deeper, providing a comprehensive assessment of your web risk exposure, benchmarked against industry leaders. The rating system analyzes every website, application, and domain within your environment, giving you a clear picture of your threat landscape. But Exposure Rating is more than just a report card. It's a powerful to

Security has always been a game of risk management, not risk elimination. Every decision to address one threat means potentially leaving another unattended. That deciding of which threat to address – and in what order – is the name of the game. In this triage process, abuse vulnerabilities,  i.e. , exploiting legitimate features of a platform in unintended ways to conduct digital misdeeds such as phishing campaigns, can get pushed down the priority list of security issues. I would like to argue that it's time we stop separating the concept of abuse vulnerabilities and security vulnerabilities.  Unlike security vulnerabilities that are, in essence, exploited loopholes or bugs in the code, fixes for abuse vulnerabilities can be slow to come. Yet these openings for abuse can easily lead to disaster if left unattended. Recent figures show that  68% of breaches  originate from these exact types of exploitations involving the human element making a mistake such as phishing attempts or abu